Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbZero XEDB-ID:21979
HistoryNov 01, 2002 - 12:00 a.m.

ION Script 1.4 - Remote File Disclosure

2002-11-0100:00:00
Zero X
www.exploit-db.com
20

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/6091/info

A vulnerability has been discovered in ION Script.

By sending a malicious HTTP request to a webserver running the vulnerable ION Script package, it is possible for a remote attacker to disclose arbitrary webserver readable files. As webservers are often run with high privileges, it may be possible to disclose sensitive system files.

Exploiting this issue may allow an attacker to gain information required to launch further attacks against the target system.

ION Script for UNIX has also been confirmed vulnerable to this issue.

It is not yet known which ION Script packages are vulnerable to this issue. 

http://www.example.com/cgi-bin/ion-p.exe?page=c:\winnt\repair\sam

http://www.example.com/cgi-bin/ion-p?page=../../../../../etc/hosts

Related

cvelist 1
nvd 1
cve 1
nessus 1
openvas 1
cvelist
cvelist
CVE-2002-1559
2003-03-18 05:00:00
nvd
nvd
CVE-2002-1559
2003-03-31 05:00:00
cve
cve
CVE-2002-1559
2003-03-31 05:00:00
nessus
nessus
ION ion-p.exe page Parameter Traversal Arbitrary File Retrieval
2003-06-11 00:00:00
openvas
openvas
ion-p/ion-p.exe Directory Traversal Vulnerability
2005-11-03 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:21979
cvelist1nvd1cve1nessus1openvas1